Hacking, Coding and Gaming | @[email protected]

Some tips and tricks when coding NodeJS: (Caution: highly opinionated thoughts follow)

- keep code tidy with "jscs" (decide on a style guide and find or make a jscs template for it) and "jshint" or "eslint"
- use "slow-deps" to find out which packages are slowing down your "npm install" (possibly "jscs" - consider installing it globally) - more info on "slow-deps"
- lock down your package versions, and their dependencies' versions, with "shrinkwrap" (this is good for stability and security!

My working day today started with the drama of 273 node modules being removed from a public repository everyone uses, with one module in particular - "left-pad" - breaking a surprisingly large number of other modules. Talk about a great disturbance in the Force, as if millions of voices suddenly cried out in terror, and were suddenly silenced. The author of the module posted the reason for his actions: https://medium.com/@azerbike/i-ve-just-liberated-my-modules-9045c06be67c#.xp2dkmk69 and while I mostly agree with him, I do wish the impact weren't quite so large.

I recently bought 3 cheap'ish wifi dongles and wanted to see how they'd do with "aircrack" in Kali Linux. I had difficulty getting any of them to work in Kali Linux 2.0 so this blog post contains Kali Linux 1.0 instructions.

1. "150Mbps High Speed USB Wireless Wifi 802.11n"
   Chipset: Realtek 8179 (R8188EU)
   Drivers: https://github.com/lwfinger/rtl8188eu
   Instructions: # none - monitor mode doesn't work :(
2. "EDUP EP-N8537"
   Chipset: Ralink RT5370

I've been a fan of lcamtuf for years and recently came across an awesome project of his named "american fuzzy lop". The basic idea is that it fuzzes input files for the target application, monitoring the execution paths taken - or, more importantly, crashes detected. Rather than just bruteforcing and hoping for results, it ends up navigating different logic paths in the app (e.g. after generating a valid image header).

I recently bought a Huawei MediaPad T1 8" tablet (for a real bargain, thanks to Hot SA Deals). I'm not much of an Android fan, and really hate how manufacturers push their own user interface (usually degrading the experience further), but I must say I'm rather impressed with this device. Although it has Huawei's "UI Emotion" interface, and a few custom system apps, it really is pretty good. This device is also known as the "Huawei Honor T1".

While blind command injection web vulnerabilities are incredibly useful, there's no reason we shouldn't make them un-blind. By chaining slow-running commands to useful commands, we can enumerate (or bruteforce) data - such as filenames, paths or strings... similar to what's done in blind SQL Injection attacks: Blind_SQL_Injection#Time-based. Consider the following chained commands:

    ls -l a* && ping -c 10 127.0.0.1

If the folder the "ls -l a*" command is executed in contains one or more files starting with "